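/**
 * Emit one <li> for page $siteid and, when the page has a URL, recurse into its
 * active children (rows whose parent = $siteid) as a nested <ul>.
 *
 * @param mixed  $siteid       Page id; also the key used to look the label up in $a.
 * @param string $siteurl      Page URL; '' selects the "smodul" fallback link (no recursion).
 * @param string $sitetarget   '_self', '_external', or anything else (popup via window.open).
 * @param array  $a            Map of page id => label (callers pass get_defined_vars()).
 * @param mixed  $Display      Value compared against the page's display column.
 * @param string $AdminDisplay Extra SQL appended to the display condition ('' or " or (display='3')").
 * @return void Markup is echoed directly.
 */
function WriteMenu($siteid, $siteurl, $sitetarget, $a, $Display, $AdminDisplay)
{
    $DbLink2 = new DB();
    // cleanQuery() is the escaping helper this code base uses for SQL values;
    // $Display / $AdminDisplay are caller-built fragments, not request data.
    $DbLink2->query("SELECT id,url,target FROM " . C_PAGE_TBL . " Where parent = '" . cleanQuery($siteid) . "' and active='1' and ((display='{$Display}') or (display='2') " . $AdminDisplay . ") ORDER BY rank ASC ");

    // Label and URL come from the variable table / database, so escape them for
    // the HTML context they are written into.
    $label = htmlspecialchars((string) (isset($a[$siteid]) ? $a[$siteid] : ''), ENT_QUOTES, 'UTF-8');

    if ($siteurl == "") {
        // No URL: link to the sub-module page. The original emitted
        // `href=\index.php?...` (unquoted, backslash-prefixed); this is the
        // quoted relative link that markup was evidently meant to produce.
        $id = htmlspecialchars((string) $siteid, ENT_QUOTES, 'UTF-8');
        echo "<li><a href=\"index.php?&page=smodul&id={$id}&btn={$id}\"><span>{$label}</span></a></li>";
        return;
    }

    if ($sitetarget == '_self') {
        // The currently selected page (btn in the query string) gets a dead link.
        $btn = isset($_GET['btn']) ? $_GET['btn'] : null;
        if ($btn == $siteid) {
            $anchor = "<a href=\"#\"><span>{$label}</span></a>";
        } else {
            $href = htmlspecialchars("{$siteurl}&btn={$siteid}", ENT_QUOTES, 'UTF-8');
            $anchor = "<a href=\"{$href}\"><span>{$label}</span></a>";
        }
    } elseif ($sitetarget == '_external') {
        $href = htmlspecialchars($siteurl, ENT_QUOTES, 'UTF-8');
        $anchor = "<a href=\"{$href}\"><span>{$label}</span></a>";
    } else {
        // Popup: encode the URL as a JS string literal first, then escape the
        // whole attribute for HTML, so a quote in the URL cannot leave the string.
        $js = "window.open(" . json_encode((string) $siteurl) . ",'mywindow','')";
        $onclick = htmlspecialchars($js, ENT_QUOTES, 'UTF-8');
        $anchor = "<a href=\"#\" onclick=\"{$onclick}\"><span>{$label}</span></a>";
    }

    // The four original branches repeated the same child loop; it is emitted once here.
    echo "<li>" . $anchor;
    if ($DbLink2->num_rows() > 0) {
        echo "<ul>";
        while (list($siteid2, $siteurl2, $sitetarget2) = $DbLink2->next_record()) {
            WriteMenu($siteid2, $siteurl2, $sitetarget2, $a, $Display, $AdminDisplay);
        }
        echo "</ul>";
    }
    echo "</li>";
}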
$result = mysqli_query($mysqli, $sql); if (mysqli_num_rows($result) != 0) { echo '<div class="error" id="errorr" >Email Id Already Registered.</div>'; } else { $sql1 = "select * from referrals where email= '" . $email2 . "'"; $result1 = mysqli_query($mysqli, $sql1); if (mysqli_num_rows($result1) != 0) { echo '<div class="error">Email Id Already Reffered.</div>'; } } } } else { if ($email2 != "") { echo '<div class="alert">Invalid email Address.</div>'; } } } if (isset($_GET['contact'])) { $contact2 = cleanQuery($_GET['contact']); if ($contact2 == "") { //echo '<div class="error">Please type Email ID</div>'; } else { $sql = "select * from " . $tablename . " where contact= '" . $contact2 . "'"; $result = mysqli_query($mysqli, $sql); if (mysqli_num_rows($result) == 0) { echo '<div class="success">Contact available</div>'; } else { echo '<div class="error">Contact Already Exists</div>'; } } }
$smarty->assign('mygroup', ''); } $action = array(); if (isset($_REQUEST['action']) && is_array($_REQUEST['action'])) { $action = $_REQUEST['action']; } else { $action = array(); } $smarty->assign('action', $action); $query = array(); if (isset($_REQUEST['query']) && is_array($_REQUEST['query'])) { $query = $_REQUEST['query']; } else { $query = array('querypiece' => array()); } cleanQuery($query); $query['queryid'] = empty($_SESSION['counter']) ? 0 : $_SESSION['counter']; $query = prepare_html_query($query); $config['soapresults'] = !empty($query['collectionid']) && $query['collectionid'] == '-1' ? true : false; $smarty->assign('config', $config); if (!$valid_login) { $logins->logout(); $smarty->display($config['skin'] . '/login.tpl'); exit; } $admin = $logins->isInGroup($config['authdomain'], $config['admingroup']); $editor = $logins->isInGroup($config['authdomain'], $config['editorgroup']); if ($admin) { $editor = true; } $user = array('login' => $logins->getUID($config['authdomain']), 'editor' => $editor ? 1 : 0, 'admin' => $admin ? 1 : 0, 'usemygroup' => $admin || ($config['usemygroup'] == 'editor' ? $editor : 0) | $config['usemygroup'] == 'user' ? 1 : 0, 'editgroup' => $admin || ($config['editgroup'] == 'editor' ? $editor : 0) | $config['editgroup'] == 'user' ? 1 : 0, 'insertimage' => $admin || ($config['insertimage'] == 'editor' ? $editor : 0) | $config['insertimage'] == 'user' ? 1 : 0);
//original results (may contain duplicates) $bingResultsOrig = array(); //original results (may contain duplicates) $blekkoResults = array(); //results with duplicates removed $googleResults = array(); //results with duplicates removed $bingResults = array(); //results with duplicates removed $aggregatedResults = array(); //array to store aggregated results in $synonyms = array(); //array to store synonyms retrieved //CLEAN THE QUERY STRING FOR SUGGEST WORDS $queryEntered = $_POST['query']; $cleanedQuery = cleanQuery($queryEntered); //****************************************************************************** //Turn off Warning-reporting for the following warning on CSSERVER: //Warning: file_get_contents() [function.file-get-contents]: // SSL: fatal protocol error in ... //error_reporting(E_ERROR | E_PARSE); error_reporting(0); //****************************************************************************** //****************************************************************************** //IF WORD SUGGESTIONS HAVE BEEN REQUESTED DISPLAY ALTERNATIVES if (isset($_POST['reWrite']) && $_POST['reWrite'] != '') { //ONLY WANT THE FIRST WORD FOR OUR LOOKUP $firstQueryWord = getFirstWord($cleanedQuery); //LOOKUP THE WORD getSynonyms($firstQueryWord, $synonyms); //INCLUDE PHP FUNCTION WHICH CREATES A FORM BASED ON THE SYNONYM ARRAY
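<?php
include "../../settings/config.php";
include "../../settings/databaseinfo.php";
include "../../settings/json.php";
include "../../settings/mysql.php";
include "../../languages/translator.php";
include "../../templates/templates.php";
$DbLink = new DB();

// Profile lookup only when ?name= was supplied. (The original tested $_GET[name]
// with a bare word, which PHP 8 rejects as an undefined constant.)
$requestedName = isset($_GET['name']) ? $_GET['name'] : '';
if ($requestedName) {
    $userName = $requestedName;
    $found = array();
    // The backend request carries md5(WEBUI_PASSWORD) as its credential; the
    // name is passed through the file's cleanQuery() helper before it is sent.
    $found[0] = json_encode(array('Method' => 'GetProfile', 'WebPassword' => md5(WEBUI_PASSWORD), 'Name' => cleanQuery($requestedName)));
    $do_post_requested = do_post_request($found);
    $recieved = json_decode($do_post_requested);
    $profileTXT = $recieved->{'profile'}->{'AboutText'};
    $profileImage = $recieved->{'profile'}->{'Image'};
    $created = $recieved->{'account'}->{'Created'};
    $UUID = $recieved->{'account'}->{'PrincipalID'};
    $diff = $recieved->{'account'}->{'TimeSinceCreated'};
    $type = $recieved->{'account'}->{'AccountInfo'};
    $partner = $recieved->{'account'}->{'Partner'};
    // Created is used as a Unix timestamp here.
    $date = date("D d M Y - g:i A", $created);
}

// Admin-module display switches; the first row is unpacked into one variable per column.
$DbLink->query("SELECT id,\n displayTopPanelSlider, \n displayTemplateSelector,\n displayStyleSwitcher,\n displayStyleSizer,\n displayFontSizer,\n displayLanguageSelector,\n displayScrollingText,\n displayWelcomeMessage,\n displayLogo,\n displayLogoEffect,\n displaySlideShow,\n displayMegaMenu,\n displayDate,\n displayTime,\n displayRoundedCorner,\n displayBackgroundColorAnimation,\n displayPageLoadTime,\n displayW3c,\n displayRss FROM " . C_ADMINMODULES_TBL . " ");
list($id, $displayTopPanelSlider, $displayTemplateSelector, $displayStyleSwitcher, $displayStyleSizer, $displayFontSizer, $displayLanguageSelector, $displayScrollingText, $displayWelcomeMessage, $displayLogo, $displayLogoEffect, $displaySlideShow, $displayMegaMenu, $displayDate, $displayTime, $displayRoundedCorner, $displayBackgroundColorAnimation, $displayPageLoadTime, $displayW3c, $displayRss) = $DbLink->next_record();
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head>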
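<?php
include "includes/app_top.php";

// Both values are request-controlled. cleanQuery() escapes quotes, which protects
// quoted string literals but neither a table identifier nor a bare number, so the
// identifier shape is validated and the id is bound. A fixed whitelist of table
// names would be stronger than the shape check, if the set of tables is known.
$t = isset($_POST['t']) ? cleanQuery($_POST['t']) : '';
$getid = isset($_POST['id']) ? cleanQuery($_POST['id']) : '';
if ($t != "" && $getid != "" && preg_match('/^[A-Za-z0-9_]+$/', $t)) {
    $query = "update `" . $t . "` set userid=0,contactdate='',iscalled=0, vote=0, comments='' where id=?";
    $stmt = mysqli_prepare($mysqli, $query);
    if ($stmt !== false) {
        $id = (int) $getid;
        mysqli_stmt_bind_param($stmt, 'i', $id);
        mysqli_stmt_execute($stmt);
        mysqli_stmt_close($stmt);
    }
    // As in the original, the message does not depend on the query outcome.
    $msg = '<div class="success">Removed User from Contact Status Successfully</div>';
}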
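<?php
include "includes/app_top.php";
checkUserLogin();
if ($action == "send") {
    $message = cleanQuery($_POST['message']);
    // Bind every value: the original interpolated the session name/e-mail,
    // $stateid and $date straight into the statement. The raw POST text is bound
    // (not the cleanQuery()'d copy) so the stored value is not double-escaped.
    // NOTE(review): if cleanQuery() does more than SQL-escaping, apply that part here too.
    $rawMessage = isset($_POST['message']) ? $_POST['message'] : '';
    $sessionUser = $_SESSION['user'];
    $sessionEmail = $_SESSION['useremail'];
    $query = "insert into feedback (description,name,email,stateid,datesent) VALUES (?,?,?,?,?)";
    $a = false;
    $stmt = mysqli_prepare($mysqli, $query);
    if ($stmt !== false) {
        mysqli_stmt_bind_param($stmt, 'sssss', $rawMessage, $sessionUser, $sessionEmail, $stateid, $date);
        $a = mysqli_stmt_execute($stmt);
        mysqli_stmt_close($stmt);
    }
    require 'includes/mailer.php';
    $esubject = "AAP Call Campaign - Feedback";
    // NOTE(review): the "******" fragment below is a masking artifact of this
    // listing, not source text; restore it from the original file.
    sendmail($_SESSION['useremail'], $_SESSION["user"], $adminemail, $esubject, "User: "******"user"] . "<br />Email: " . $_SESSION['useremail'] . "<br />Campaign: " . $_SESSION['campaign'] . "<br /><br />" . $message);
    if ($a) {
        tep_redirect("feedback.php?action1=success");
    } else {
        tep_redirect("feedback.php?action1=err");
    }
}
include "includes/styles.php";
?>
<script type="text/javascript" src="../js/ajax.js"></script> <script src="../js/jquery.validate.js" type="text/javascript"></script> <script type="text/javascript"> $(document).ready(function() { $("#volunteer").validate({ rules: { message:"required", } });}); </script> </head> <body class="bgwhite">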
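<?php
include 'configure.php';
include 'functions.php';
// Both values are request-controlled and were concatenated unquoted into SQL,
// where cleanQuery()'s quote-escaping gives no protection; cast to int and bind.
// NOTE(review): this is a state change on a GET request, so it is reachable
// cross-site; a POST with a CSRF token would be the usual fix.
$id = isset($_GET['id']) ? (int) cleanQuery($_GET['id']) : 0;
$iscalled = isset($_GET['iscalled']) ? (int) cleanQuery($_GET['iscalled']) : 0;
$stmt = mysqli_prepare($mysqli, "update contacts set iscalled=? where id=?");
if ($stmt !== false) {
    mysqli_stmt_bind_param($stmt, 'ii', $iscalled, $id);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_close($stmt);
}
// As in the original, the message does not depend on the query outcome.
$msg = '<div class="success">Updated Call Status</div>';
print $msg;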
list($UUID, $EMAIL) = $DbLink->next_record(); } if($UUID) { $found = array(); $found[0] = json_encode(array('Method' => 'SaveEmail', 'WebPassword' => md5(WEBUI_PASSWORD) , 'UUID' => cleanQuery($UUID) , 'Email' => cleanQuery($EMAIL))); $do_post_requested = do_post_request($found); $recieved = json_decode($do_post_requested); if ($recieved->{'Verified'} == 1) { $WERROR="Thank you, your email address was changed"; $DbLink->query("DELETE FROM ".C_CODES_TBL." WHERE code='".cleanQuery($_GET[code])."' and info='emailconfirm'"); } } else { $WERROR="This isnt a valid code or maybe the code was older than 24h"; } ?> <style type="text/css"> <!-- .Stil1 { font-size: 18px; font-weight: bold; } -->
mysql_close($connection); $actualizo = 1; } /////////////////////////////////////// if ($_POST['editres'] == 0 and $_POST["boton"] == "Submit") { $client = $_POST["client"]; $barrival = $_POST["arrival"]; $arrival = date("Y-m-d", strtotime($barrival)); $bdeparture = $_POST["departure"]; $departure = date("Y-m-d", strtotime($bdeparture)); $villa = $villaid; $owner = $owneridses; $estatus = $_POST["estatus"]; $dateres = date("Y-m-d"); $staffcomments = cleanQuery($_POST["comments"]); $suppliersnote = cleanQuery($_POST["notes"]); $emailcontact = $_POST["email"]; $agencia = $_POST["agencia"]; if ($_POST["payment1"] != "") { $bpago1 = $_POST["payment1"]; $vpago1 = date("Y-m-d", strtotime($bpago1)); } if ($_POST["payment2"] != "") { $bpago2 = $_POST["payment2"]; $vpago2 = date("Y-m-d", strtotime($bpago2)); } if (is_numeric($_POST["rooms"])) { $vrooms = $_POST["rooms"]; } else { $vrooms = "NULL"; }
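<?php
include "includes/app_top.php";
$pcat = "Contacts";
$pagetitle = "Categories";
$getid = getid('id');
checkAdminLogin();
checkState();

if ($action == "addcategory") {
    // Bind every value. The original interpolated the six flag columns unquoted,
    // where cleanQuery()'s quote-escaping offers no protection; the text columns
    // are bound raw so they are not stored double-escaped.
    $catname = isset($_POST['categoryname']) ? $_POST['categoryname'] : '';
    $stateValue = isset($_POST['stateid']) ? $_POST['stateid'] : '';
    $volunteer = isset($_POST['volunteer']) ? (int) $_POST['volunteer'] : 0;
    $booth = isset($_POST['booth']) ? (int) $_POST['booth'] : 0;
    $buzz = isset($_POST['buzz']) ? (int) $_POST['buzz'] : 0;
    $call = isset($_POST['call']) ? (int) $_POST['call'] : 0;
    $jansabha = isset($_POST['jansabha']) ? (int) $_POST['jansabha'] : 0;
    $donate = isset($_POST['donate']) ? (int) $_POST['donate'] : 0;
    $query = "insert into categories (catname,state_id,datemodified,volunteer,booth,buzz,`call`,jansabha,donate) VALUE (?,?,?,?,?,?,?,?,?)";
    $stmt = mysqli_prepare($mysqli, $query);
    if ($stmt !== false) {
        mysqli_stmt_bind_param($stmt, 'sssiiiiii', $catname, $stateValue, $date, $volunteer, $booth, $buzz, $call, $jansabha, $donate);
        mysqli_stmt_execute($stmt);
        mysqli_stmt_close($stmt);
    }
    tep_redirect(tep_href_link($pagename, 'action1=add&action=add'));
}

if ($action == "change") {
    // Same binding as above for the edit form (fields carry a "2" suffix); the
    // row id from getid() was appended unquoted in the original.
    $catname = isset($_POST['categoryname2']) ? $_POST['categoryname2'] : '';
    $stateValue = isset($_POST['stateid2']) ? $_POST['stateid2'] : '';
    $volunteer = isset($_POST['volunteer2']) ? (int) $_POST['volunteer2'] : 0;
    $booth = isset($_POST['booth2']) ? (int) $_POST['booth2'] : 0;
    $buzz = isset($_POST['buzz2']) ? (int) $_POST['buzz2'] : 0;
    $call = isset($_POST['call2']) ? (int) $_POST['call2'] : 0;
    $jansabha = isset($_POST['jansabha2']) ? (int) $_POST['jansabha2'] : 0;
    $donate = isset($_POST['donate2']) ? (int) $_POST['donate2'] : 0;
    $rowId = (int) $getid;
    $query = "update categories set catname=?,state_id=?,datemodified=?,volunteer=?,booth=?,buzz=?,`call`=?,jansabha=?,donate=? where id=?";
    $stmt = mysqli_prepare($mysqli, $query);
    if ($stmt !== false) {
        mysqli_stmt_bind_param($stmt, 'sssiiiiiii', $catname, $stateValue, $date, $volunteer, $booth, $buzz, $call, $jansabha, $donate, $rowId);
        mysqli_stmt_execute($stmt);
        mysqli_stmt_close($stmt);
    }
    tep_redirect(tep_href_link($pagename, 'action1=update'));
}
include "includes/styles.php";
?>
</head> <body> <?php include "includes/header.php"; include "includes/side-bar.php"; ?> <div class="pageHeadingBlock "> <div class="grayBackground"> <div class="fR t-r spcT_b"> <a onClick="displayadd();" class="btn btn-primary coursesMenu">Add Category</a> </div>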
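<?php
include "includes/app_top.php";
$pagetitle2 = "Edit Profile";
checkUserLogin();
if ($action == "edit") {
    // Bind every column value. The original interpolated cleanQuery()'d strings
    // and, unquoted, the category id and the session user id; binding removes the
    // injection surface on the numeric columns and avoids double-escaping the text.
    $name = isset($_POST['name']) ? $_POST['name'] : '';
    $gender = isset($_POST['gender']) ? $_POST['gender'] : '';
    $state = isset($_POST['state']) ? $_POST['state'] : '';
    $phone = isset($_POST['phone']) ? $_POST['phone'] : '';
    $city = isset($_POST['city']) ? $_POST['city'] : '';
    $country = isset($_POST['country']) ? $_POST['country'] : '';
    $countrycode = isset($_POST['countrycode']) ? $_POST['countrycode'] : '';
    // A non-numeric category becomes 0 here (the original produced a failing statement instead).
    $catid = isset($_POST['category']) ? (int) $_POST['category'] : 0;
    $userid = (int) $_SESSION['userid'];
    $query = "update users set name=?, gender=?, state=?, phone=?,city=?,country=?,countrycode=?, catid=? where id=?";
    $a = false;
    $stmt = mysqli_prepare($mysqli, $query);
    if ($stmt !== false) {
        mysqli_stmt_bind_param($stmt, 'sssssssii', $name, $gender, $state, $phone, $city, $country, $countrycode, $catid, $userid);
        $a = mysqli_stmt_execute($stmt);
        mysqli_stmt_close($stmt);
    }
    if ($a) {
        $_SESSION['usercatid'] = cleanQuery($_POST['category']);
        $_SESSION['getcontact'] = '';
        tep_redirect(tep_href_link($pagename, 'action1=success'));
    } else {
        tep_redirect(tep_href_link($pagename, 'action1=err'));
    }
}
include "includes/styles.php";
include "../includes/colorbox.php";
?>
<script src="../js/jquery.validate.js" type="text/javascript"></script> <script type="text/javascript"> $(document).ready(function() { checkstudent(); $("#signup").validate({ rules: { name:"required", gender: "required", phone: "required", } }); });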
/**
 * Returns the users row for $user as an associative array, or null when no row
 * matched (the bare `return;` yields null).
 *
 * @param string $user Username to look up; passed through cleanQuery() first.
 * @return array|null
 */
function user_details($user)
{
    /*Returns details of an user*/
    $user = cleanQuery($user);
    // NOTE(review): '******' is a masking artifact of this listing, not source
    // text; the original presumably interpolated the escaped $user here. A bound
    // parameter would be the safer form in any case.
    $sql = "SELECT * FROM users WHERE username='******'";
    //echo $sql;
    // Legacy mysql_* extension (removed in PHP 7); a failed query is only echoed,
    // and the false result is still passed to mysql_fetch_assoc.
    $result = mysql_query($sql);
    if (!$result) echo mysql_error();
    $row = mysql_fetch_assoc($result);
    if (is_array($row)) {
        return $row;
    } else {
        return;
    }
}
$DbLink->query("UPDATE " . C_ADMINBGCOLORANIM_TBL . " SET Colors = '" . cleanQuery($_POST["ColorHoverStep8"]) . "' WHERE Steps = 'HoverStep8'"); } if ($_POST[EndStep8] == "{$webui_admin_options_modify}") { $DbLink->query("UPDATE " . C_ADMINBGCOLORANIM_TBL . " SET Colors = '" . cleanQuery($_POST["ColorEndStep8"]) . "' WHERE Steps = 'EndStep8'"); } if ($_POST[HoverStep9] == "{$webui_admin_options_modify}") { $DbLink->query("UPDATE " . C_ADMINBGCOLORANIM_TBL . " SET Colors = '" . cleanQuery($_POST["ColorHoverStep9"]) . "' WHERE Steps = 'HoverStep9'"); } if ($_POST[EndStep9] == "{$webui_admin_options_modify}") { $DbLink->query("UPDATE " . C_ADMINBGCOLORANIM_TBL . " SET Colors = '" . cleanQuery($_POST["ColorEndStep9"]) . "' WHERE Steps = 'EndStep9'"); } if ($_POST[HoverStep10] == "{$webui_admin_options_modify}") { $DbLink->query("UPDATE " . C_ADMINBGCOLORANIM_TBL . " SET Colors = '" . cleanQuery($_POST["ColorHoverStep10"]) . "' WHERE Steps = 'HoverStep10'"); } if ($_POST[EndStep10] == "{$webui_admin_options_modify}") { $DbLink->query("UPDATE " . C_ADMINBGCOLORANIM_TBL . " SET Colors = '" . cleanQuery($_POST["ColorEndStep10"]) . "' WHERE Steps = 'EndStep10'"); } // For Color $DbLink->query("SELECT id, Options , Steps, Colors, Display FROM " . C_ADMINBGCOLORANIM_TBL . " "); list($id, $Options, $Steps, $Colors, $displayBackgroundColorAnimation) = $DbLink->next_record(); ?> <div id="content"> <div id="ContentHeaderLeft"><h5><?php echo SYSNAME; ?> </h5></div> <div id="ContentHeaderCenter"></div> <div id="ContentHeaderRight"><h5><? echo $webui_admin_options; ?></h5></div> <div id="adminsettings"> <div id="info"><p><? echo $webui_admin_options_info; ?> $displayBackgroundColorAnimation </p></div>
$response['arrayContent'][$i] = json_encode($response['arrayContent'][$i]); } $response['content']['mgs'] = encode_tojson($type . '_updated'); $response['content']['hasArray'] = encode_tojson($i); } if (@$_POST['action'] == 'upload_perfil') { $_POST['usuarios_id']; //subir imagen del perro $image_name = upload_image('fileUpload', str_replace('.png', '', $_POST['usuario_foto'])); db_update('usuarios', array('foto' => $image_name), array('id' => $_POST['usuarios_id'])); $response['content']['mgs'] = 'imagen cargada correctamente'; } if (@$_POST['action'] == 'get_updates') { $_POST['serverupdate']; $_POST['table']; $type = cleanQuery($_POST['table']); $where = array('serverupdate > ' => $_POST['serverupdate']); /*if($type == 'respuestas_usuarios' || $type == 'notificaciones' || $type == 'videos_usuarios_empresas'){ $where['usuarios_id'] = $_POST['usuarios_id']; }*/ $empresasData2 = array(); $empresasData = get($type, '*', $where); $i = 0; if (!empty($empresasData)) { foreach ($empresasData as $dada) { $i++; $empresasData2[$i] = array(); //p($dada); foreach ($dada as $dada2_key => $dada2_val) { //$empresasData2[$i][$dada2_key] = mb_convert_encoding($dada2_val, "UTF-8", "HTML-ENTITIES"); //p($dada2);
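// Language selection. $_GET['lg'] is request-controlled, so it is compared
// strictly (no type juggling, arrays rejected) against the configured list and
// otherwise replaced by the first configured language; the raw value is never used.
$requestedLg = isset($_GET["lg"]) ? $_GET["lg"] : '';
if (in_array($requestedLg, $languages, true)) {
    $lg = $requestedLg; /*Verify if selected language is in array*/
    $smarty->assign('lg_url', '/'.$lg.''); /*Set template lg url ex. www.example.com/lg*/
} else { /*Else*/
    $lg = $languages[0]; /*select first language as default language*/
    $smarty->assign('lg_url', ''); /*Set template lg url */
}
$smarty->assign('current_url',$_SERVER['REQUEST_URI']);
$smarty->assign('lg', $lg); /*Set template lg var*/

/*LOGIN SYSTEM*/
if (isset($_POST['login_user']) && isset($_POST['login_pass'])) { /*If there is any attempt of login verifies login*/
    $logged = login(cleanQuery($_POST['login_user']),cleanQuery($_POST['login_pass'])); /*Do the login, updating user table*/
    if ($logged==1) {
        // Fresh session id on privilege change so a pre-login id cannot be reused (session fixation).
        session_regenerate_id(true);
        $_SESSION['logged']=1; /*If logged set session as logged*/
    }
    $smarty->assign('login_try', 1); /*To be used by template system to check if there is any login atempt*/
}
if (isset($_SESSION['logged'])) { /*If logged verify login ip and session*/
    if ($_SESSION['logged']==1) {
        $user = verifica_login(); /*And get current user to var*/
        if ($user) {
            $current_user = $user;
        } else {
            $_SESSION['logged']=0; /*Else logoff automatic*/
        }
    }
}
// NOTE(review): $current_user / $is_admin are only assigned on the logged-in
// path; unless they are initialised earlier in the file, the template receives null.
if ($current_user) $is_admin = is_admin($current_user); /*Set $is_admin if user is administrator*/
$smarty->assign('current_user', $current_user); /*Set template var of username*/
$smarty->assign('is_admin', $is_admin); /*Set template var of is_admin*/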
$tpl->assign('isResult', true); foreach ($query as $key => $value) { if (isset($value['photo'])) { $query[$key]['photo'] = '<img src="' . CM_URL . '/cm_api/images.php?id=' . $value['id'] . '&thumbnail=1" />'; } $query[$key]['action'] = '<a href="' . CM_URL . '/cm_admin/edit.php?id=' . $value['id'] . '" target="_blank">Edit</a><br /><a href="' . CM_URL . '/cm_admin/profile.php?id=' . $value['id'] . '" target="_blank">Print</a><br /><a href="" id="' . $value['id'] . '" class="delProfile">Delete</a>'; if (isset($query[$key]['attachment']) && strlen($query[$key]['attachment']) > 0) { $query[$key]['action'] .= '<br /><a href="' . CM_URL . '/cm_api/attachments.php?id=' . $value['id'] . '" target="_blank">Attach</a>'; } } //datagrid, generating results table $grid = new SpoonDataGridSourceArray($query); $datagrid = new SpoonDatagrid($grid); $datagrid->setColumnsHidden('id', 'attachment'); $datagrid->setCompileDirectory(COMPILE_PATH); $url = $_SERVER['QUERY_STRING'] ? cleanQuery($_SERVER['QUERY_STRING']) . 'offset=[offset]&order=[order]&sort=[sort]' : '?offset=[offset]&order=[order]&sort=[sort]'; $datagrid->setURL($url); $datagrid->setSortingColumns(array('file', 'name', 'ic', 'id'), 'id'); $datagrid->setPagingLimit(PAGING_LIMIT); $datagrid->setHeaderLabels(array('file' => '档案 File', 'case' => '案情 Case', 'photo' => '照片 Photo', 'name' => '姓名 Name', 'ic' => '身份证 IC', 'action' => '操作')); $tpl->assign('results', $datagrid->getContent()); } else { $tpl->assign('tooltip', 'No Relevant Results.'); $frm->parse($tpl); } } else { $frm->parse($tpl); } $tpl->display(tpl_path('admin_search.tpl.php')); function cleanQuery($query) {
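<?php
include "includes/app_top.php";
if ($action == "send") {
    $message = cleanQuery($_POST['message']);
    $email = cleanQuery($_POST['email']);
    $username = cleanQuery($_POST['username']);
    // Bind every value instead of interpolating; the raw POST text is bound (not
    // the cleanQuery()'d copies used for the e-mail) so nothing is stored
    // double-escaped, and $stateid / $date no longer enter the statement as text.
    // NOTE(review): if cleanQuery() does more than SQL-escaping, apply that part here too.
    $rawMessage = isset($_POST['message']) ? $_POST['message'] : '';
    $rawEmail = isset($_POST['email']) ? $_POST['email'] : '';
    $rawUsername = isset($_POST['username']) ? $_POST['username'] : '';
    $query = "insert into feedback (description,name,email,stateid,datesent) VALUES (?,?,?,?,?)";
    $a = false;
    $stmt = mysqli_prepare($mysqli, $query);
    if ($stmt !== false) {
        mysqli_stmt_bind_param($stmt, 'sssss', $rawMessage, $rawUsername, $rawEmail, $stateid, $date);
        $a = mysqli_stmt_execute($stmt);
        mysqli_stmt_close($stmt);
    }
    require 'includes/mailer.php';
    $esubject = "AAP Call Campaign - Feedback";
    // NOTE(review): the "******" fragment below is a masking artifact of this
    // listing, not source text; restore it from the original file.
    sendmail($email, $username, $adminemail, $esubject, "User: "******"<br/>Email: " . $email . "<br />Campaign: " . $_SESSION['campaign'] . "<br/><br/>" . $message);
    //echo $query;
    if ($a) {
        tep_redirect("feedback2.php?action1=success");
    } else {
        tep_redirect("feedback2.php?action1=err");
    }
}
include "includes/styles.php";
?>
<script type="text/javascript" src="../js/ajax.js"></script> <script src="../js/jquery.validate.js" type="text/javascript"></script> <script type="text/javascript"> $(document).ready(function() { $("#volunteer").validate({ rules: { message:"required", email: "email required", } });});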
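// Account and agent fields unpacked from the decoded backend response
// ($recieved and $created are set before this run).
$name = $recieved->{'account'}->{'Name'};
$diff = $recieved->{'account'}->{'TimeSinceCreated'};
$type = $recieved->{'account'}->{'AccountInfo'};
$email = $recieved->{'account'}->{'Email'};
$partner = $recieved->{'account'}->{'Partner'};
$rlname = $recieved->{'agent'}->{'RLName'};
$street = $recieved->{'agent'}->{'RLAddress'};
$zip = $recieved->{'agent'}->{'RLZip'};
$city = $recieved->{'agent'}->{'RLCity'};
$country = $recieved->{'agent'}->{'RLCountry'};
$date = date("D d M Y - g:i A", $created);

// One query instead of two against the same row. The id is a query-string value
// (the original indexed $_GET with the bare word userid, an undefined constant
// on PHP 8) and goes through the file's cleanQuery() escaper.
$requestedUserId = isset($_GET['userid']) ? $_GET['userid'] : '';
$DbLink->query("SELECT PrincipalID,Name,UserLevel FROM ".C_USERS_TBL." WHERE PrincipalID='".cleanQuery($requestedUserId)."'");
list($uuid, $accName, $userLevel) = $DbLink->next_record();
// A UserLevel of -1 is reported as inactive ("0"); anything else as "1".
$active = ($userLevel == "-1") ? "0" : "1";
?>
<div id="content"> <div id="ContentHeaderLeft"><h5><?php echo SYSNAME; ?>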
if (theForm.email2.value != theForm.email.value) { alert("E-mail confirmation does not match with e-mail address."); theForm.email2.focus(); return (false); } return (true); } //--> </script> <?php if ($_POST[name] != '') { $found = array(); $found[0] = json_encode(array('Method' => 'ConfirmUserEmailName', 'WebPassword' => md5(WEBUI_PASSWORD), 'Name' => cleanQuery($_POST[name]), 'Email' => cleanQuery($_POST[email]))); $do_post_requested = do_post_request($found); $recieved = json_decode($do_post_requested); if ($recieved->{'Verified'} == "true") { // CODE generator function code_gen($cod = "") { // ######## CODE LENGTH ######## $cod_l = 10; // ######## CODE LENGTH ######## $zeichen = "a,b,c,d,e,f,g,h,i,j,k,l,m,n,o,p,q,r,s,t,u,v,w,x,y,z,0,1,2,3,4,5,6,7,8,9"; $array_b = explode(",", $zeichen); for ($i = 0; $i < $cod_l; $i++) { srand((double) microtime() * 1000000); $z = rand(0, 35); $cod .= "" . $array_b[$z] . "";
/**
 * Tests an UPDATE TABLE query
 * @param string table The table name to get DDL
 * @param string dbType MySQL, MSSQL, etc.
 * @param string query The query to test.
 * @return string Non-empty if error found
 */
function testQueryUpdate($table, $dbType, $query)
{
    logThis('verifying UPDATE TABLE statement...');
    global $db;
    if (empty($db)) {
        $db =& DBManagerFactory::getInstance();
    }
    $error = '';
    switch ($dbType) {
        case 'mysql':
            // get DDL
            // $table is spliced in as an identifier; presumably it comes from the
            // upgrade manifest rather than a request — confirm at the call sites.
            $q = "SHOW CREATE TABLE {$table}";
            $r = $db->query($q);
            $a = $db->fetchByAssoc($r);
            // rewrite DDL with _temp name
            $cleanQuery = cleanQuery($a['Create Table']);
            $tempTableQuery = str_replace("CREATE TABLE `{$table}`", "CREATE TABLE `{$table}__uw_temp`", $cleanQuery);
            $r2 = $db->query($tempTableQuery);
            // get sample data into the temp table to test for data/constraint conflicts
            logThis('inserting temp dataset...');
            $q3 = "INSERT INTO `{$table}__uw_temp` SELECT * FROM `{$table}` LIMIT 10";
            $r3 = $db->query($q3, false, "Preflight Failed for: {$query}");
            // test the query on the test table
            logThis('testing query: [' . $query . ']');
            // Only the exact backticked form "UPDATE `table`" is rewritten; any other
            // spelling leaves the query pointing at the real table.
            $tempTableTestQuery = str_replace("UPDATE `{$table}`", "UPDATE `{$table}__uw_temp`", $query);
            // make sure the test query is running against a temp table
            if (isRunningAgainstTrueTable($tempTableTestQuery)) {
                $error = getFormattedError('Could not use a temp table to test query!', $tempTableTestQuery);
                return $error;
            }
            $r4 = $db->query($tempTableTestQuery, false, "Preflight Failed for: {$query}");
            // NOTE(review): reads the legacy mysql_error(), not the $db wrapper's own
            // error state; the __uw_temp table is not dropped here — confirm who does.
            $error = mysql_error(); // empty on no-errors
            if (!empty($error)) {
                logThis('*** ERROR: query failed.');
                $error = getFormattedError($error, $query);
            }
            break;
        case 'mssql':
            // No preflight implemented: returns '' (treated as no error).
            break;
        case 'oci8':
            logThis('Oracle found: skipping test query - [' . $query . ']');
            break;
    }
    logThis('verification done.');
    return $error;
}
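<div id="info3"><h3><? echo $webui_help_title_comment03; ?></h3> <p><? echo $webui_help_comment03; ?></p> </div> <p> <?
$DbLink2 = new DB;
$DbLink = new DB;
// NOTE(review): USERID / ADMINID are used as bare constants here, as in the
// original; if they are not define()d this is an Error on PHP 8 — confirm.
if ($_SESSION[USERID]) $Display = 1; else $Display = 0;
if ($_SESSION[ADMINID]) $AdminDisplay = " or (display='3')"; else $AdminDisplay = "";
// The parent id comes from the query string (btn, as the links below are built)
// and goes through the file's cleanQuery() escaper.
$btn = isset($_GET['btn']) ? $_GET['btn'] : '';
$DbLink2->query("SELECT id,url,target FROM " . C_PAGE_TBL . " Where parent = '" . cleanQuery($btn) . "' and active='1' and ((display='$Display') or (display='2') " . $AdminDisplay . ") ORDER BY rank ASC ");
$a = get_defined_vars();
while (list($siteid, $siteurl, $sitetarget) = $DbLink2->next_record()) {
    // URL and label are database / variable-table values: escape them for HTML.
    $href = htmlspecialchars("$siteurl&btn=$siteid", ENT_QUOTES, 'UTF-8');
    $label = htmlspecialchars((string) (isset($a[$siteid]) ? $a[$siteid] : ''), ENT_QUOTES, 'UTF-8');
    echo "<a href=\"$href\"><span>$label</span></a><br/>";
}
?> </p></div></div>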
<?php include "includes/app_top.php"; $pagetitle2 = "Forgot Password"; $campaign = $_SESSION['campaign']; if ($action == "send") { $mailto = cleanQuery($_POST["email"]); $sql = "select * from users where email='" . $mailto . "'"; $res = mysqli_query($mysqli, $sql); $row = mysqli_fetch_assoc($res); if ($mailto == $row['email']) { $verifycode = create_randomid(10); $query = "update users set confirmation='" . $verifycode . "' where id=" . $row['id']; @mysqli_query($mysqli, $query); $sql2 = "select * from email_templates where id=2"; $res2 = mysqli_query($mysqli, $sql2); $row2 = mysqli_fetch_assoc($res2); $esubject = $row2['subject']; $esubject = str_replace("[NAME]", $row['name'], $esubject); $esubject = str_replace("[SITENAME]", $sitename, $esubject); $emailtext = $row2['description']; $emailtext = str_replace("[NAME]", $row['name'], $emailtext); $emailtext = str_replace("[EMAIL]", $row['email'], $emailtext); $emailtext = str_replace("[VERIFYCODE]", $verifycode . "&campaign=" . $campaign, $emailtext); $emailtext = str_replace("[SITEURL]", 'http://emc3.aamaadmiparty.org/delhi/', $emailtext); $emailtext = str_replace("[SITENAME]", $sitename, $emailtext); $emailtext = str_replace("[ADMINEMAIL]", $adminemail, $emailtext); require 'includes/mailer.php'; sendmail('', '', $mailto, $esubject, $emailtext); tep_redirect(tep_href_link($pagename, 'action1=success')); //else
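/**
 * Finds a "temporary" account (no password and no Facebook id) by e-mail.
 *
 * @param string $email
 * @return array|false The first matching row (only `id` is selected), or false
 *                     when nothing matched or the query failed.
 */
function get_temporary_user($email = '')
{
    // $email is escaped with the file's cleanQuery() helper before interpolation
    // (the legacy mysql_* extension has no bound parameters).
    $query = "select id from usuarios where email = '" . cleanQuery($email) . "' and password is null and fbid is null ";
    $sql = mysql_query($query);
    // A failed query returns false; the original handed that straight to
    // mysql_fetch_array (a warning). Treat it as "not found" instead.
    if ($sql === false) {
        return false;
    }
    // Only the first row was ever returned, so fetch one instead of buffering all.
    $row = mysql_fetch_array($sql, MYSQL_ASSOC);
    return is_array($row) ? $row : false;
}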
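<?php
include 'configure.php';
include 'functions.php';
// All three values are request-controlled query-string parameters; missing ones
// default to '' rather than raising undefined-index notices.
$name = isset($_GET['name']) ? cleanQuery($_GET['name']) : '';
$lastname = isset($_GET['lastname']) ? cleanQuery($_GET['lastname']) : '';
$email = isset($_GET['email']) ? cleanQuery($_GET['email']) : '';
// The original passed an undefined $firstname here and never used $name;
// the cleaned first name is presumably what the membership lookup expects.
$membernumber = ismember1($name, $lastname, $email);
if ($membernumber != '') {
    echo "VEP Member";
} else {
    echo "";
}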
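<?php
include "includes/app_top.php";
$getid = getid('id');
checkAdminLogin();
checkState();
if ($action == "update") {
    $comments = cleanQuery($_POST['comments']);
    // Bind instead of interpolating: $getid went into the WHERE clause unquoted,
    // and the raw text is bound so the stored value is not double-escaped.
    $rawComments = isset($_POST['comments']) ? $_POST['comments'] : '';
    $rowId = (int) $getid;
    $stmt = mysqli_prepare($mysqli, "update enquiries set admincomments=? where id=?");
    if ($stmt !== false) {
        mysqli_stmt_bind_param($stmt, 'si', $rawComments, $rowId);
        mysqli_stmt_execute($stmt);
        mysqli_stmt_close($stmt);
    }
    tep_redirect(tep_href_link($pagename, 'action1=success&id=' . $getid));
}
include "includes/styles.php";
?>
</head> <body> <?php include "includes/header.php"; ?> <h1>Enquiry Details</h1> <table width="100%" border="0" cellpadding="0" cellspacing="0" class="text9"> <tr> <td align="right" height="30" style="font-weight:bold"><a href="enquiries.php">Back to Enquiries</a> | <a href="send-mail.php?eid=<?php echo htmlspecialchars($getid, ENT_QUOTES, 'UTF-8'); ?> ">Reply Mail</a></td> </tr> <tr>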
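<meta name="viewport" content="initial-scale=1.0, user-scalable=no"> <meta charset="utf-8"> </head> <body> <?php include "includes/header.php"; ?> <div class="division-1"> <h1>LEADERBOARDS</h1> <b style="color:red;">TO SEE FULL CALL CAMPAIGN STATISTICS (EMC3 + TOLLFREE), PLEASE GOTO: </b><b><a href="../reports/" target="_blank">http://myaap.in/callreport</a></b></br></br>
<?php
// The keyword is request-controlled POST text that is echoed back into the form
// below; cleanQuery() is kept for the later query use, and the echo escapes it
// for the attribute context (it was reflected unescaped before).
if ($action == "show") {
    $keyword = isset($_POST['keyword']) ? cleanQuery($_POST['keyword']) : '';
} else {
    $keyword = '';
}
?>
<form name="search" method="post" action="dashboard.php?action=show" onSubmit="return validatefilter(this)" class="coursesMenu"> <div class="row-fluid"> Filter By Name or Location: <input type="text" name="keyword" id="keyword" class="input span12" style="width:200px" value="<?php echo htmlspecialchars($keyword, ENT_QUOTES, 'UTF-8'); ?> " placeholder="Keyword" /> <button class="leftformbt" style="font-size:13px; padding:4px 10px;">Search</button> <button class="leftformbt" style="font-size:13px; padding:4px 10px;"><a style="color:white;" href="dashboard.php">Clear</a></button> </div> </form> <?php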
// Walk the user ids produced by the preceding query; each one costs three
// lookups (region id, name, region name). Ids are escaped with cleanQuery().
while (list($UUID) = $DbLink->next_record()) {
    $DbLink3 = new DB;
    $DbLink3->query(sprintf("SELECT CurrentRegionID from %s where UserID = '%s'", C_USERINFO_TBL, cleanQuery($UUID)));
    list($RegionUUID) = $DbLink3->next_record();

    $DbLink2 = new DB;
    $DbLink2->query(sprintf("SELECT FirstName, LastName from %s where PrincipalID = '%s'", C_USERS_TBL, cleanQuery($UUID)));
    list($firstname, $lastname) = $DbLink2->next_record();
    $username = "{$firstname} {$lastname}";

    // A user whose region name resolves is counted as online.
    $DbLink3 = new DB;
    $DbLink3->query(sprintf("SELECT RegionName from %s where RegionUUID = '%s'", C_REGIONS_TBL, cleanQuery($RegionUUID)));
    list($region) = $DbLink3->next_record();
    if ($region != "") {
        $NOWONLINE++;
    }
}

// Site-wide counters: logins within the last 2419200 s (28 days), users, regions.
$DbLink->query("SELECT count(*) FROM " . C_USERINFO_TBL . " where LastLogin > UNIX_TIMESTAMP(FROM_UNIXTIME(UNIX_TIMESTAMP(now()) - 2419200))");
list($LASTMONTHONLINE) = $DbLink->next_record();
$DbLink->query("SELECT count(*) FROM " . C_USERS_TBL);
list($USERCOUNT) = $DbLink->next_record();
$DbLink->query("SELECT count(*) FROM " . C_REGIONS_TBL);
list($REGIONSCOUNT) = $DbLink->next_record();
tep_redirect(tep_href_link('profile.php', 'action1=err')); } if ($action == "add2") { $password = sha1(cleanQuery($_POST['password'])); $username = cleanQuery($_POST['username']); $email = cleanQuery($_POST['email']); $designation = cleanQuery($_POST['designation']); $query = "insert into admins (username, password, email, designation, datemodified) VALUES ('{$username}', '{$password}', '{$email}', '{$designation}','{$date}')"; mysqli_query($mysqli, $query); tep_redirect(tep_href_link($pagename, 'action1=success')); } if ($action == "change") { $password = cleanQuery($_POST['password2']); $username = cleanQuery($_POST['username2']); $email = cleanQuery($_POST['email2']); $designation = cleanQuery($_POST['designation2']); $query = "update admins set username='******', email='{$email}', designation='{$designation}', datemodified='{$date}' where id=" . $getid; mysqli_query($mysqli, $query); if ($password != '') { $password2 = sha1($password); $query2 = "update admins set password='******' where id=" . $getid; mysqli_query($mysqli, $query2); } tep_redirect(tep_href_link($pagename, 'action1=success1')); } if ($action == "achange") { if (is_array($_POST["accesslevel2"]) == true) { $accesslevelStr = implode("", $_POST["accesslevel2"]); } else { $accesslevelStr = $_POST["accesslevel2"]; }
$heading = cleanQuery($_POST['name']); $tablename = cleanQuery($_POST['tablename']); $pagetitle = cleanQuery($_POST['pagetitle']); $description = str_replace("\"../images/", "\"images/", $description); $query = "insert into states (name,tablename,pagetitle, description,sitename, datemodified) VALUES ('{$heading}','{$tablename}','{$pagetitle}','{$description}', '" . cleanQuery($_POST['sitename']) . "', '{$date}')"; mysqli_query($mysqli, $query); tep_redirect(tep_href_link($pagename, 'action1=success')); } if ($action == "edit") { $access = cleanQuery($_POST['access']); $description = cleanQuery($_POST['description2']); $heading = cleanQuery($_POST['name']); $tablename = cleanQuery($_POST['tablename']); $pagetitle = cleanQuery($_POST['pagetitle']); $description = str_replace("\"../images/", "\"images/", $description); $query = "update states set description='" . $description . "',access='" . $access . "', sitename='" . cleanQuery($_POST['sitename']) . "',tablename='" . $tablename . "',pagetitle='" . $pagetitle . "', name='" . $heading . "', datemodified='" . $date . "' where id=" . $getid; mysqli_query($mysqli, $query); tep_redirect(tep_href_link($pagename, 'action1=success&id=' . $getid)); } include "includes/styles.php"; ?> <script language="javascript"> function checkval(form) { if(form.name.value=="") { alert("Please enter State name");form.name.focus(); return false; } if(form.tablename.value=="") {